This isn't good; if for some reason people start thinking "Sonic game = malware", Sega may get stricter with their Sonic IP rights and start cracking down on fangame devs and ROM hackers.

That being said, Sonic 2 HD originally had some bad coding that made malware detectors think it had some keylogger (it really wasn't a keylogger, just bad programming) and the project got some heat because of that, and Sega didn't react at all to that incident. (The Sonic 2 HD that was restarted relatively recently doesn't have any of these issues, as far as I know.)

Also, the ROM hacking community and Sega (at least Sega of America) have some ties... I've been told that Aaron Webber (RubyEclipse) was a longtime member at Sonic Retro before he was hired by Sega, so hopefully this will blow over soon and be remembered as just one specific dev being a douche.

I doubt Sega will get stricter with their IP as the community has been hammering this game for the past 3-4 days on it. A lot of people know the fan games have been pretty good and a lot of people will see how the fans have been denouncing it.

Also, the ROM hacking community and Sega (at least Sega of America) have some ties... I've been told that Aaron Webber (RubyEclipse) was a longtime member at Sonic Retro before he was hired by Sega, so hopefully this will blow over soon and be remembered as just one specific dev being a douche.

This will most likely be the case.

I wouldnt be surprised if this developer was also trying to secretly install a bitcoin miner too